On July 30, a military judge found Army Pfc. Bradley Manning guilty of multiple violations of the Espionage Act and other laws because of his unauthorized disclosure of restricted government records to the WikiLeaks website.
On July 31, the Secretary of the Army formally established the Army Insider Threat Program. Remarkably, this is still a pending initiative rather than an accomplished fact.
The program “will ensure the security and safety of Army computer networks by establishing an integrated capability to monitor and audit user activity across all domains to detect and mitigate activity indicative of insider threat behavior,” wrote Army Secretary John M. McHugh in Army Directive 2013-18.
The directive requires development and implementation of “a technical capability to monitor user activity on the Secure Internet Protocol Router Network” used by Manning as well as on the Joint World Intelligence Communication System.
In order to facilitate the identification of insider threats, the directive authorizes the sharing of counterintelligence and a variety of other sensitive information, including personal medical information. (“The Surgeon General will provide information from medical sources, consistent with privacy laws and regulations, to authorized personnel to help them recognize the presence of an insider threat.”)
The new Army directive was issued in response to a November 21, 2012 Obama White House memorandum on “National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs.”
Some government insider threat programs go beyond encouraging sensible security practices, and seem to promote free-ranging suspicion in the workplace.
A slide prepared by the Defense Information Systems Agency for an online training module on insider threats suggests that an employee who “speaks openly of unhappiness with U.S. foreign policy” may represent a risk. (The only thing more troubling might be someone who speaks openly of happiness with U.S. foreign policy.) See “Unhappy With U.S. Foreign Policy? Pentagon Says You Might Be A ‘High Threat'” by Matt Sledge, Huffington Post, August 7.
On June 21, 2013 the Director of National Intelligence issued Intelligence Community Directive 703 on “Protection of Classified National Intelligence, Including Sensitive Compartmented Information.”
The directive summarizes and re-states classified information security policy, including little-known facts such as: “The Director of the Central Intelligence Agency (CIA) provides SCI access determinations and Sensitive Compartmented Information Facility (SCIF) accreditation for the legislative and judicial branches of the U.S. Government.”
Using the NIST as an example, the Radiation Physics Building (still without the funding to complete its renovation) is crucial to national security and the medical community. If it were to go down (or away), every medical device in the United States that uses radiation would be decertified within 6 months, creating a significant single point of failure that cannot be quickly mitigated.
The federal government can support more proactive, efficient, and cost-effective resiliency planning by certifying predictive models to validate and publicly indicate their quality.
We need a new agency that specializes in uncovering funding opportunities that were overlooked elsewhere. Judging from the history of scientific breakthroughs, the benefits could be quite substantial.
The cost of inaction is not merely economic; it is measured in preventable illness, deaths and diminished livelihoods.